
A complete guide to securing Spring RESTful web services using HTTP Basic Authentication header

In the following tutorial, I showed how to develop RESTful web services using Spring Boot:

Spring Data Rest web services for Beginners - Step By Step Guide

It is a simple, easy-to-follow tutorial for beginners who are interested in exploring this trending and widely used J2EE framework.

In this tutorial, we will learn how to secure RESTful web services using the HTTP Basic Authentication header.

According to RFC 7617, Basic authentication is a method for an HTTP user agent to provide the following two pieces of information in a request:

  • User Name
  • Password

In this method, the HTTP request contains a header in the following format:

Authorization: Basic <credentials>

where <credentials> is base64(username:password).
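The header format described above, as an added example that is not part of the original tutorial's source code. It builds and parses the header value with the JDK's own Base64 class and shows that the credentials are only encoded, not encrypted: anyone who can read the header can recover them, which is why Basic authentication should only be used over HTTPS. The class and method names are assumptions chosen for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class BasicAuthHeaderDemo {

    /** Builds the header value: "Basic " + base64(username ":" password). */
    static String encode(String username, String password) {
        if (username.contains(":")) {
            // RFC 7617: a user name containing a colon cannot be represented.
            throw new IllegalArgumentException("username must not contain ':'");
        }
        byte[] raw = (username + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    /** Returns {username, password}, or null if the value is not a valid Basic header. */
    static String[] decode(String headerValue) {
        // The scheme name is case-insensitive; anything else is another scheme.
        if (headerValue == null || !headerValue.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null;
        }
        try {
            byte[] raw = Base64.getDecoder().decode(headerValue.substring(6).trim());
            String pair = new String(raw, StandardCharsets.UTF_8);
            int colon = pair.indexOf(':'); // split on the FIRST colon only
            if (colon < 0) {
                return null; // no separator, so no password part
            }
            return new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
        } catch (IllegalArgumentException e) {
            return null; // payload is not valid base64
        }
    }

    public static void main(String[] args) {
        // Constructed sample credentials: the same dummy user the tutorial configures.
        String header = encode("test", "123");
        System.out.println("Authorization: " + header);

        String[] creds = decode(header); // reversible without any key
        System.out.println("user=" + creds[0] + " password=" + creds[1]);

        // A colon inside the password survives the round trip.
        System.out.println("password=" + decode(encode("test", "p:ss"))[1]);

        // Malformed or non-Basic values are rejected instead of throwing.
        System.out.println(decode("Basic !!!") == null);
        System.out.println(decode("Bearer abc") == null);
    }
}
```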

Step 1

Add the following dependency to the Maven pom.xml:

<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-security</artifactId>
</dependency>

Step 2

We will extend the WebSecurityConfigurerAdapter class to implement HTTP Basic authentication. We will override the following two methods:

  • configure( HttpSecurity http )

    This method enables HTTP Basic authentication.

  • configure( AuthenticationManagerBuilder auth )

    This method implements the logic for authentication. For simplicity, I am just matching the user name and password with dummy strings. You can implement JDBC-based or other login logic here.

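import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Note: WebSecurityConfigurerAdapter is deprecated since Spring Security 5.7 and removed in 6.0.
@Configuration
public class BasicAuthenticationSecurity extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure( HttpSecurity http ) throws Exception {
        // Require authentication for every request and accept credentials
        // from the HTTP Basic Authorization header. CSRF protection is disabled.
        http.csrf().disable()
            .authorizeRequests().anyRequest().authenticated()
            .and().httpBasic();
    }

    @Override
    protected void configure( AuthenticationManagerBuilder auth ) throws Exception {
        // Single in-memory demo user. The {noop} prefix selects NoOpPasswordEncoder,
        // so the password is stored and compared as plain text.
        auth.inMemoryAuthentication()
            .withUser("test")
            .password("{noop}123")
            .roles("USER");
    }
}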
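The tutorial's configuration keeps the password as plain text through the {noop} prefix. The following variant is an added example, not the tutorial's own code: it hashes the in-memory user's password with BCrypt and makes the API stateless, so every request must carry the Authorization header and no session cookie exists for a CSRF attack to ride on. The class name and the DEMO_USER_PASSWORD environment variable are hypothetical names chosen for illustration.

```java
import java.util.Objects;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Hypothetical replacement for BasicAuthenticationSecurity (use one or the other, not both).
@Configuration
public class HardenedBasicAuthenticationSecurity extends WebSecurityConfigurerAdapter {

    @Bean
    public PasswordEncoder passwordEncoder() {
        // BCrypt is a salted, deliberately slow hash: only the hash is kept in memory.
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Never create or use an HTTP session: each request is authenticated
            // from its own Authorization header.
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
            // With no session cookie, there is no ambient credential for CSRF to abuse.
            .csrf().disable()
            .authorizeRequests().anyRequest().authenticated().and()
            .httpBasic();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Assumption: the demo password is supplied through the environment
        // (hypothetical variable name) instead of being hard-coded in source.
        String rawPassword = Objects.requireNonNull(
            System.getenv("DEMO_USER_PASSWORD"), "DEMO_USER_PASSWORD is not set");

        PasswordEncoder encoder = passwordEncoder();
        auth.inMemoryAuthentication()
            .passwordEncoder(encoder)
            .withUser("test")
            .password(encoder.encode(rawPassword)) // stored as a BCrypt hash
            .roles("USER");
    }
}
```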




We have now successfully implemented the code. Now let's test it using Postman (a REST client).

The full source code for this tutorial can be found at SpringRestBasicAuthentication

We will get 401 Unauthorized if login credentials are not provided or wrong credentials are provided.

Entering the correct credentials will authenticate the request and process it.


